Worst Passwords of 2015. Did Yours Make the List?


This article was posted in Security Today magazine and we found it pretty interesting. Password security is very important to us at Kenton Brothers. Did your password make the list?

SplashData, a password management company, recently released a list of the 25 worst passwords of 2015.

They gathered the data by counting up the most common passwords out of over 2 million passwords leaked over the past year. And clearly, we are bad at creating a password that does its best to protect our information, despite the national headlines of data breaches and cyber criminals.

Some of the worst passwords have surprisingly remained the same since SplashData’s first list in 2011. Passwords like “123456” and “password” have topped the list since the beginning.

So without further ado, here are the worst possible passwords, ranked by popularity, you could be using:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345
  6. 123456789
  7. football
  8. 1234
  9. 1234567
  10. baseball
  11. welcome
  12. 1234567890
  13. abc123
  14. 111111
  15. 1qaz2wsx
  16. dragon
  17. master
  18. monkey
  19. letmein
  20. login
  21. princess
  22. qwertyuiop
  23. solo
  24. passw0rd
  25. starwars

Compared with earlier lists, the 2015 worst passwords are longer than in past years; “1234567890,” for example, has 10 characters. A 10-digit password has nearly 1 million times more possible combinations than a four-digit password, but that’s not nearly complex enough to get in the way of password-cracking software.

The other side of having a longer password is that users are more apt to use a patterned password because of the length requirement. This is why we see passwords like “1qaz2wsx” or “qwertyuiop.” Those passwords are created by hitting the keys in the first couple of columns of your keyboard or the top row of lettered keys.

Many websites now try to force us into creating stronger passwords even though our first inclination is to make it something memorable. The websites use password strength meters and minimum character requirements in order to help us out.

These strength meters vary in intensity depending on what kind of information the web account will hold. Account information for your bank is obviously going to require a certain amount of letters, numbers and maybe even a punctuation mark in order to successfully complete your password.

Here’s the thing, though: SplashData has been creating this list of “Worst Passwords” since 2011, and with the increase in the frequency of headlines involving data breaches and cyber criminals, you would think that the general public would catch on. The more complex your password, the harder it is to get into your account. But still we have lists like these in 2015 where “password” is sitting pretty as the second most popular password.

With everything becoming digital, you do need a password for everything you sign up for. From banking to your music purchases, to your online clothing stores, to UPS and FedEx, you need to keep up with account information for all of it. Luckily, because we do live in the 21st century, there are secure programs that can help you keep it all straight, for instance, SplashData who created the list in the first place.

SplashData is a secure site that allows you to keep all of your passwords in their database. All you have to do is remember one password to access your account. I think that’s a pretty great tradeoff. Once you create your account with SplashData you can sync your other web accounts to the program and it will begin to process your information.

There are other password management systems as well, like LastPass, the free password manager that is an extension that you connect straight to your Chrome browser. This management system helps to make your password process simpler by generating new secure passwords each time you log into a website. After installing the Chrome extension, you can also enter account credentials for websites you’d like LastPass just to remember.

So maybe you don’t trust a password management system. That’s okay, some people have trust issues. If you don’t want to use a system, just be sure you follow a few simple tips when creating your passwords. First, make your password hard to guess. Avoid using your birthday, or dog’s name, things others may know about you or could find out just by looking at your Facebook page.

Second, make them as long and complex as possible. Use at least 14 characters and mix letters, numbers and special characters to lessen the chance that someone could just guess your passcode. Avoid easy-to-guess patterns and try combining words that usually do not correspond with each other.

Lastly, only use that one password for one account. You should create a new password, unlike any other you have created before, for each account you open that is password protected. While this does make things hard to remember, it is ultimately the most secure decision. If you are using the same password for your Facebook page and your bank account, things could go really bad if your Facebook password gets gathered in a data breach.
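
The checks this article describes (the worst-passwords list, the keyboard patterns behind “1qaz2wsx” and “qwertyuiop,” and the tip to use at least 14 mixed characters) can be combined into one screening function. The Python below is an added example, not code from SplashData or Security Today; the function names, reason codes, 0.75 pattern threshold and US QWERTY layout are assumptions.

```python
# Added example: screens a candidate password using the checks this article describes.
# Reason codes, the threshold and the US QWERTY layout are assumptions of this sketch.

# The 25 entries from SplashData's 2015 list, as printed in the article.
WORST_2015 = {
    "123456", "password", "12345678", "qwerty", "12345", "123456789",
    "football", "1234", "1234567", "baseball", "welcome", "1234567890",
    "abc123", "111111", "1qaz2wsx", "dragon", "master", "monkey",
    "letmein", "login", "princess", "qwertyuiop", "solo", "passw0rd",
    "starwars",
}

ROWS = ["1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm"]
# Keyboard columns read top to bottom: "1qaz", "2wsx", ...
COLUMNS = ["".join(r[i] for r in ROWS if i < len(r)) for i in range(10)]
TRACKS = ROWS + COLUMNS + ["abcdefghijklmnopqrstuvwxyz"]

# Every ordered pair of characters that sit next to each other on a track.
STEPS = {a + b for t in TRACKS for a, b in zip(t, t[1:])}
STEPS |= {s[::-1] for s in STEPS}


def pattern_ratio(password):
    """Fraction of adjacent character pairs that repeat or follow a track."""
    p = password.lower()
    if len(p) < 2:
        return 0.0
    hits = sum(1 for a, b in zip(p, p[1:]) if a == b or a + b in STEPS)
    return hits / (len(p) - 1)


def check_password(password, min_length=14, max_pattern=0.75):
    """Return a list of reason codes; an empty list means no check failed."""
    reasons = []
    if password.lower() in WORST_2015:
        reasons.append("on_worst_list")
    if len(password) < min_length:
        reasons.append("too_short")
    if pattern_ratio(password) >= max_pattern:
        reasons.append("pattern")
    classes = [any(c.isalpha() for c in password),
               any(c.isdigit() for c in password),
               any(not c.isalnum() for c in password)]
    if sum(classes) < 3:
        reasons.append("few_classes")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs; the last two are not from the article.
    for pw in ["1qaz2wsx", "qwertyuiop1234!", "violet-kettle-93-drum"]:
        print(pw, check_password(pw))
```

The second sample meets the length and character-mix tips yet is still flagged, because most of its characters follow a keyboard row or a digit run.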

With all these lists, tips and more, you should be prepared to get on out into the digital world armed with the knowledge to create a better password. And please, if your password made the 2015 list of worst passwords ever, do yourself a favor and go change all your passwords, NOW!